Configuring an integration node vault

You can configure an integration node vault to store credentials, which can then be used by the integration node and its managed integration servers to access secured resources.

Before you begin

Read Configuring an IBM App Connect Enterprise vault.

About this task

An integration node vault is an App Connect Enterprise vault that can be used by an integration node and the integration servers that it manages. Each integration node has its own vault, with its own vault key, which is shared by all the integration servers that it manages. The vault is created when the integration node is configured, and the integration servers that are managed by the integration node have access to the vault.

Procedure

You can configure an integration node vault by using one of the following methods.

  • Using the ibmint security commands
    You can use the ibmint security commands to create or delete a vault, to change or verify a vault key, and to manage the credentials that are stored in the vault. The vault stores the records in encrypted form. Credentials that are stored in an integration node vault can be accessed by the integration node and all of the integration servers that it manages. For more information, see the command topics that are listed in the following table.
    Table 1. Security ibmint commands
    Command name                    | Topic reference
    ibmint create vault             | ibmint create vault command
    ibmint delete vault             | ibmint delete vault command
    ibmint display credentials      | ibmint display credentials command
    ibmint display credential-types | ibmint display credential-types command
    ibmint export credentials       | ibmint export credentials command
    ibmint import credentials       | ibmint import credentials command
    ibmint set credential           | ibmint set credential command
    ibmint unset credential         | ibmint unset credential command
    ibmint update vault-key         | ibmint update vault-key command
    ibmint update vaultrc           | ibmint update vaultrc command
  • Using the mqsivault command

    You can use the mqsivault command to create or destroy a vault, to change or verify a vault key, or to retrieve credentials from a vault. The vault stores the records in encrypted form. Credentials that are stored in an integration node vault can be accessed by the integration node and all of the integration servers that it manages.

    You can copy the contents of a vault into another vault by using the import and export options of the mqsivault command. Use the --export parameter to copy the contents of a vault into a temporary archive (.zip file), and then use the --import parameter to import the contents of the archive file into the target vault. The vault entries in the archive are encrypted and decrypted symmetrically with an archive key.

    For more information about using the mqsivault command to configure a vault, see mqsivault command and Configuring encrypted security credentials.

    For information about creating, updating, retrieving, or deleting the security credentials, see mqsicredentials command.

  • Using the mqsicreatebroker command

    If you create an integration node by running the mqsicreatebroker command, you can create a vault for that integration node by specifying either the --vault-key or --vaultrc-location parameter on the command. For more information about how to use the command, see mqsicreatebroker command.